Saturday, March 03, 2018

REYKJAVIK, Iceland (AP) — Some 600 computers
used to "mine" bitcoin and other virtual currencies have
been stolen from data centers in Iceland in what police say is the
biggest series of thefts ever in the North Atlantic island nation.

Some 11 people were arrested, including a security
guard, in what Icelandic media have dubbed the "Big Bitcoin
Heist." A judge at the Reykjanes District Court on Friday
ordered two people to remain in custody.

The powerful computers, which have not yet been
found, are worth almost $2 million. But if the stolen equipment is
used for its original purpose — to create new bitcoins — the
thieves could turn a massive profit in an untraceable currency
without ever selling the items.

… The Bitcoin ledger is powered by "miners,"
so-called because they throw computational power into the system,
occasionally receiving — or "mining" — new bitcoins in
return. Drumming up that computational power usually means lots of
computers — and thus lots of electricity.

That desire for energy has created a gold rush for
bitcoin in Iceland. Traders searching for cheap, renewable energy
have been flooding into the island in recent months to take advantage
of its geothermal and hydroelectric power plants.

Police tracking the stolen computers are
monitoring electric consumption across the country in hopes the
thieves will show their hand, according to an industry source who
spoke on condition of anonymity because he is not allowed to speak to
the media.

58 percent of incidents involved insiders. Healthcare
is the only
industry in which internal actors are the biggest threat to an
organization. Often they are driven by financial gain,
such as tax fraud or opening lines of credit with stolen information
(48 percent); fun or curiosity in looking up the personal records of
celebrities or family members (31 percent); or simply convenience
(10 percent).

27
percent of incidents were related to PHI printed on paper.
Medical device hacking may be in the news, but it seems the real
criminal activity is found by following the paper trail. Whether
prescription information sent from clinics to pharmacies, billing
statements issued by mail, discharge papers physically handed to
patients, or filed copies of ID and insurance cards, printed
documents are more prevalent in the healthcare sector than any
other. The very nature of how PHI paperwork is handled and
transferred by medical staff has led to preventable weaknesses –
sensitive data being misdelivered (20 percent), thrown away without
shredding (15 percent), and even lost (8 percent).

21
percent of incidents involved lost and stolen laptops containing
unencrypted PHI. More employee education is required to ensure that basic
security measures are put in place.

Equifax Inc
(EFX.N)
said it expects costs related to its massive 2017 data breach to
surge by $275 million this
year, suggesting the incident at the credit reporting
bureau could turn out to be the most costly hack in corporate
history.

The projection, which was disclosed on a Friday
morning earnings conference call, is on
top of $164 million in pretax costs posted in the second half of
2017. That brings expected breach-related costs through
the end of this year to $439 million, some $125 million of which
Equifax said will be covered by insurance.

… Total costs of the breach, which compromised
sensitive data of more than 147 million consumers, could
be “well over $600 million,” after including costs to
resolve government investigations into the incident and civil
lawsuits against the firm, he said.

Consider: Russia has demonstrated what some of its
offensive cyber weapons can do in very limited attacks. Can we now
imagine what a cyber war would look like?

… In its latest 10-Q filing with
the Securities and Exchange Commission (SEC), Nuance reveals that,
for the fiscal year 2017, NotPetya caused losses of around $68.0
million in revenues, and incurred incremental costs of approximately
$24.0 million as a result of remediation and restoration efforts.

According
to USA Today, the online retailer has recently expanded a program
called Amazon Logistics Photo On Delivery that involves a carrier
taking a photo of a package after delivering it.

… The photo, included in the delivery
confirmation, is meant to help the customer identify where and when
the packages were left.

But Amazon also does this for internal insurance —
it gets a record of whether the package was left at the customer's
specified delivery location, should the customer say they never
received it. [Does that
transfer the liability to the homeowner’s insurance? Bob]

(Related) You could think of this as a ‘Trade
War’ or as a way to keep Google from seeing what Amazon does when
they deliver inside the house. (Will Google call this an abuse of
‘monopoly’ power?)

On Wednesday, at about 12:15 pm ET, 1.35
terabits per second of traffic hit the developer platform
GitHub all at once. It was the most powerful distributed denial of
service attack recorded to date—and it used an increasingly popular
DDoS method, no botnet required.

GitHub briefly struggled with intermittent outages
as a digital system assessed the situation. Within 10
minutes it had automatically
called for help from its DDoS mitigation service, Akamai
Prolexic. Prolexic
took over as an intermediary, routing all the traffic coming into
and out of GitHub, and sent the data through its scrubbing centers to
weed out and block malicious packets. After eight minutes, attackers
relented and the assault dropped off.

A mere 294 breaches, with 16,060 records
compromised per breach. Probably not time to start bragging.

In 2017, the number of individuals
affected by breaches within the healthcare sector reached a four-year
low, according to a new report from Campbell, Calif.-based security
company Bitglass.

The report revealed that the majority of
breaches were due to hacking and IT incidents (71 percent), and that
percentage has continued to grow since 2014. The fourth annual
Healthcare
Breach Report aggregates data from the U.S. Department of Health
and Human Services’ (HHS) Wall of Shame—a database of breach
disclosures that is required as part of the Health Insurance
Portability and Accountability Act (HIPAA)—to identify the most
common causes of data leakage.

A vast amount of
data that is discarded — the so-called ‘data exhaust’ —
actually holds a lot of value and could be tapped to create new
competitive advantages, according to this opinion piece by Scott
Snyder, a Wharton senior Fellow, and Alex Castrounis, vice
president of product and advanced analytics for Rocket Wagon, an
Internet of Things, digital and AI company.

Instead of the Internet of Things (IoT), perhaps
we should call it the data of things or the internet of data?

IoT will generate a staggering 400 zettabytes (or
400 trillion gigabytes) of data a year by 2018, according to the 2016
Cisco Visual Networking Index. This is being driven by everything
from wearables and smart home devices to high-end connected platforms
like the Boeing 787, which generates 40 terabytes per hour of flight,
or a Rio Tinto mining operation that can generate up to 2.4 terabytes
of data a minute (more than 20 times what Twitter generates in a
day).

Despite this huge growth in data from IoT devices,
only a small amount (8.6 Zettabytes) will actually be sent to data
centers for storage and subsequent analysis — the ‘data exhaust’
is much bigger than what’s actually being analyzed for insights.

… On the B2B side, companies like John Deere
have used IoT data to shift their business model. The average farm
went from generating 190,000 data points per day in 2014 to a
projected 4.1 million data points in 2020 fueled by the significant
growth in sensorization of fields and equipment. By turning these
data streams into insights and prescriptive analytics, or automated
decisions based on data, Deere moved from selling farm equipment to
delivering ‘Precision Farming’ services, guided by their data
advantage.

A
majority of Americans use Facebook and YouTube, but young adults are
especially heavy users of Snapchat and Instagram: “A new Pew
Research Center survey of U.S. adults finds that the social media
landscape in early 2018 is defined by a mix of long-standing trends
and newly emerging narratives. Facebook and YouTube dominate this
landscape, as notable majorities of U.S. adults use each of these
sites. At the same time, younger Americans (especially those ages 18
to 24) stand out for embracing a variety of platforms and using them
frequently. Some 78% of 18- to 24-year-olds use Snapchat, and a
sizeable majority of these users (71%) visit the platform multiple
times per day. Similarly, 71% of Americans in this age group now use
Instagram and close to half (45%) are Twitter users. As has
been the case since the Center began surveying about the use of
different social media in 2012, Facebook remains the primary platform
for most Americans. Roughly two-thirds of U.S. adults (68%) now
report that they are Facebook users, and roughly three-quarters of
those users access Facebook on a daily basis. With the exception of
those 65 and older, a majority of Americans across a wide range of
demographic groups now use Facebook. But the social media story
extends well beyond Facebook. The video-sharing site YouTube –
which contains many social elements, even if it is not a traditional
social media platform – is now used by nearly three-quarters of
U.S. adults and 94% of 18- to 24-year-olds. And the typical (median)
American reports that they use three of the eight major platforms
that the Center measured in this survey…”

Which auto makers will survive a rides-on-demand
future where individuals will not buy cars?

Toyota Motor Corp said a new venture would be
investing more than $2.8 billion to develop automated-driving
software - the latest salvo in an increasingly frenetic battle to be
ahead in a sector hit by a slew of disruptive technologies.

Uber is
driving patients to their doctors in a big grab for medical transit
market

Uber announced the launch of
a new digital tool meant to book rides for patients who need
assistance getting to and from their appointments. A health care
provider can book a ride for patients and caregivers immediately,
within a few hours, or with 30 days’ notice. The company is
positioning itself as a cheaper and more reliable option than most
non-emergency medical transportation.

… The non-medical-emergency medical
transportation market is worth more than $3
billion, according to the Transit Cooperative Research Program, a
federally funded independent research entity. A lot of that money is
for people who can’t drive — either because of age or poverty —
and so Medicare and Medicaid providers foot the bill. Uber has
clearly become interested in the industry.

Microsoft this week announced the first major
upgrade to its Quantum Development Kit since its introduction last
year. It has added several new features designed to open the
platform to a wider array of developers, including support for Linux
and macOS, as well as additional open source libraries.

Further, the kit will be interoperable with the
Python computing
language.

Citing anonymous
sources, German news agency dpa had earlier reported that the
Russian hacking group APT28 had placed malware in a government
network and infiltrated both the Foreign Ministry and the Defense
Ministry.

The sources said the malware could
have remained in the government's networks for as long as a year
before the government discovered
the breach in December.

Security
services reportedly allowed the malware to remain in the system until
Wednesday to try and gather information about the attack and who was
responsible.

… The hackers reportedly infiltrated the
government's "Informationsverbund Berlin-Bonn" (IVBB)
network, a specially designed communications platform which is
separate from other public networks to ensure a
supposed added layer of security. It's used exclusively
by the chancellery, the German parliament, federal ministries, the
Federal Audit Office and several security institutions in Berlin and
Bonn; the former German capital where some ministries still have
offices.

The government said it receives roughly 20
attempted hacking attacks per day, while German intelligence services
also carry out penetration tests once per week.

… Some opposition lawmakers have criticized
the security services for failing to inform them about the attack.

"If the government has known about this since
December, the fact that lawmakers responsible for oversight of
[digital affairs] had to learn of it through the press is really
scandalous," the Left Party's cyber expert, Anke Domscheit-Berg,
told public broadcaster ZDF.

… The group's 2015 attack on the Bundestag was
so far-reaching that the German government was forced to replace its
entire IT infrastructure.

Apparently Equifax is
still discovering new ways to find out what happened on its systems.
Shouldn’t they know from sources they already used to manage their
security? Oh wait, that’s right, they didn’t manage their
security.

Equifax Inc (EFX.N),
a provider of consumer credit scores, on Thursday said it found
another 2.4 million U.S. consumers hit by a data breach last year,
bringing the total to 147.9 million.

The company said the latest batch of
consumers affected had their names and driver’s license information
stolen, but noted less information was taken because it did not
include home addresses, driver’s license states, dates of
issuances, or expiration dates.

Malicious
Use of Artificial Intelligence: Forecasting, Prevention, and
Mitigation

“This
report surveys the landscape of potential security threats from
malicious uses of AI, and proposes ways to better forecast, prevent,
and mitigate these threats. After analyzing the ways in which AI may
influence the threat landscape in the digital, physical, and
political domains, we make four high-level recommendations for AI
researchers and other stakeholders. We also suggest several
promising areas for further research that could expand the portfolio
of defenses, or make attacks less effective or harder to execute.
Finally, we discuss, but do not conclusively resolve, the long-term
equilibrium of attackers and defenders.” arXiv:1802.07228
[cs.AI] (or arXiv:1802.07228v1
[cs.AI] for this version)

The
New York Times: “There’s a new generation of cameras that
understand what they see. They’re eyes connected to brains,
machines that no longer just see what you put in front of them, but
can act on it — creating intriguing and sometimes eerie
possibilities. At first, these cameras will promise to let us take
better pictures, to capture moments that might not have been possible
with every dumb camera that came before. That’s the pitch Google
is making with Clips,
a new camera that went on sale on Tuesday. It uses so-called machine
learning to automatically take snapshots of people, pets and other
things it finds interesting… Now, A.I. will create a revolution in
how cameras work, too. Smart cameras will let you analyze pictures
with prosecutorial precision, raising the specter of a new
kind of surveillance — not just by the government but by
everyone around you, even your loved ones at home…”

Microsoft
and UPMC unveil virtual AI assistant that listens in and takes notes
on doctor’s visits

Every day, doctors and nurses across the country
do a complicated dance around patient care. They turn back and forth
as a mother describes her child’s symptoms, trying to listen and
simultaneously log information in the electronic health record. They
huddle with a team to coordinate a cancer patient’s care using
whiteboards, post-it notes and clipboards.

Microsoft wants to use technology to make things
easier and more efficient in those situations. The company announced
a slew of new cloud- and artificial-intelligence-fueled technologies
Wednesday as part of its Healthcare
NExT program, all aimed at helping healthcare providers wage a
technology revolution in the industry.

The company announced four new projects: A
healthcare-focused Azure
cloud blueprint; Microsoft
Genomics, a platform that powers genetic analysis and
personalized medicine; A new
template for Microsoft Teams specialized for healthcare
providers; and Empower
MD: an artificial intelligence platform that can assist doctors
by listening in and
learning from their conversations with patients. [Will
AI eventually be recognized as a ‘third party’ in this
conversation, effectively eliminating any claim to privacy? Bob]

Networking startup Mist
Systems Inc., which has built a self-learning wireless local area
network for enterprises that’s powered by artificial intelligence
technologies, is gearing up for expansion after landing a $46 million
late-stage funding round.

… Mist is quickly making a name for itself
thanks to its Wireless
LAN offering, which is essentially just a local area network for
enterprises that doesn’t rely on wired Ethernet connections. The
company said its Wireless LAN is superior to other networks, claiming
it’s the world’s first “self-learning network” powered by its
proprietary AI technology.

The self-learning capabilities mean that many of
the laborious tasks associated with managing the network can be
automated. In addition, Mist said, its Wireless LAN helps to make
Wi-Fi services more predictable, reliable and measurable by providing
greater visibility into the network’s inner workings.

On the heels of the Federal Trade
Commission’s (“FTC”) third annual “PrivacyCon,”
the Future of Privacy Forum hosted its eighth annual “Privacy
Papers for Policymakers” event on Capitol Hill—a gathering in
which academics present their original scholarly works on
privacy-related topics to D.C. policy wonks who may have a hand in
shaping laws and regulations at the local, federal, and international
level. The goal of the event is, in part, to foster
academic-industry collaboration in addressing the world’s current
and emerging privacy issues.

… The DNC dubs its effort the "IWillVote"
program and says it sets the party's most ambitious goal ever for a
midterm election.

It will consist of new branding and content, tools
and technologies, a voter hotline, online ads, and on-the-ground
organizing — all with the aim of getting people to commit early to
voting and then following through with them to ensure they register
and ultimately turn out.

My students were very reluctant to ask Facebook
(et al) to identify potential school shooters, but isn’t that what
the EU is suggesting they could do?

The European Union on Thursday upped its ante
against tech companies, including Alphabet Inc.’s Google, Facebook
Inc. and Twitter Inc., announcing sweeping guidelines for speedily
scrubbing terror and other illegal content from their European
websites, following pressure by some national governments to make
internet firms legally liable for the information that appears on
their platforms.

The European Commission, the bloc’s executive,
said tech firms should remove terror content within one hour of it
being flagged...

(Related) Is it really better if we don’t know
these people (people Yahoo fears or hates?) are out there? Would it
be better to group them in a ‘comedy channel’ or a ‘collection
of examples for mental health workers to practice on?’

YouTube is
taking down conspiracy theorist channels and popular gun videos

In the wake of the
February 14 Parkland, FL school shooting, YouTube has banned a
considerable number of the most egregious conspiracy peddlers and
alt-righters from its ranks. The company also issued “warning
strikes” and partial suspensions to a number of other channels, at
least one of which was gun-focused. The move comes after months of
scandals regarding the site’s inability to properly moderate the
content published on its platform.

We discussed the chicken shortage in our Data
Management class (my classes are fun) so this will be a great
follow-up.

KFC outlets in the U.K. are reporting a shortage
of the fried chicken joint’s famous gravy just weeks after some
locations ran
out of chicken and were forced to close down.

… A spokesperson for KFC owner Yum
Brands told Reuters that while 97% of KFC locations have
reopened, the restaurants are going
through a gravy shortage due to “ongoing distribution
challenges” at DHL.

Judging by the recruiters at our last Job Fair, my
students are selling fast, so they need to keep their resumes
current!

… Google envisions the
Learn with
Google AI site serving as a repository for machine learning and
AI, and it’s meant to be a hub for anyone looking to “learn about
core ML concepts, develop and hone your ML skills, and apply ML to
real-world problems.” The site will apparently cater to all levels
of AI enthusiasts, from researchers looking for advanced tutorials to
beginners.

The U.S. intelligence community developed
substantial evidence that state websites or voter registration
systems in seven states were compromised by Russian-backed covert
operatives prior to the 2016 election — but never
told the states involved, according to multiple U.S.
officials.

Top-secret intelligence requested by
President Barack Obama in his last weeks in office identified seven
states where analysts — synthesizing months of work — had reason
to believe
Russian operatives had compromised state websites or databases.

Three senior intelligence officials told
NBC News that the intelligence community believed the states as of
January 2017 were Alaska, Arizona, California, Florida, Illinois,
Texas and Wisconsin.

Read more on NBC,
as their coverage goes beyond just these seven states, and they are
reporting on a very concerning issue, even if, as they report, “All
state and federal officials who spoke to NBC News agree that no votes
were changed and no voters were taken off the rolls.” At least for
those seven states. But what about the others? So far, there
doesn’t seem to be a lot of evidence of successful penetration much
less data tampering, but was
2016 just a test run for something more in 2018?

A
newly discovered ransomware family is generating a different
encryption key for each of the encrypted files but saves none of
them, thus making data recovery impossible.

Dubbed
Thanatos,
the malware was discovered by MalwareHunterTeam and already analyzed
by several other security researchers.

When
encrypting files on a computer, the malware appends the .THANATOS
extension to them. After completing the encryption, the malware
connects to a specific URL to report back, thus allowing attackers to
keep track of the number of infected victims.

The
malware also generates an autorun key to open the ransom note every
time the user logs in. In that note, the victim is instructed to
send $200 to a listed crypto-coin address. Victims are also
instructed to contact the attackers via email to receive a decryption
program.

The
issue with the new ransomware is that, because
it doesn’t save the encryption keys, files cannot be decrypted
normally. However, victims don’t know that and might
end up paying the ransom in the hope they can recover their files.

Authorities in China’s troubled, heavily
surveilled region of Xinjiang are deploying a platform that marshals
the troves of data being collected to identify and pre-emptively
detain potential troublemakers, according to a rights group.

Human Rights Watch said Tuesday the “predictive
policing” platform combines feeds from surveillance cameras with
other personal data such as phone use, travel records and religious
orientation, and then analyzes the information to identify suspicious
individuals.

Palantir
has secretly been using New Orleans to test its predictive policing
technology

Palantir deployed a
predictive policing system in New Orleans that even city council
members don’t know about

… According to Ronal
Serpas, the department’s chief at the time, one of the tools used
by the New Orleans Police Department to identify members of gangs
like 3NG and the 39ers came from the Silicon Valley company Palantir.
The company provided software to a secretive NOPD program that
traced people’s ties to other gang members, outlined criminal
histories, analyzed social media, and predicted the likelihood that
individuals would commit violence or become a victim. As part of the
discovery process in Lewis’ trial, the government turned over more
than 60,000 pages of documents detailing evidence gathered against
him from confidential informants, ballistics, and other sources —
but they made no mention of the NOPD’s partnership with Palantir,
according to a source familiar with the 39ers trial.

Via LLRX
– From
Judging Lawyers to Predicting Outcomes – Itai Gurari
discusses Judicata’s latest technology solution – Clerk – that
evaluates briefs filed in court, grading them on three dimensions:
Arguments, Drafting, and Context. The grading reflects factors like
how strong the brief’s arguments are, how persuasive the relied
upon cases are, and the extent to which the brief cites precedent
that supports the desired outcome.

A recent
(yet to be peer-reviewed) study found that, after Uber enters new
markets, the rates of ambulance rides typically go down, meaning
fewer people call professionals in favor of the cheaper option.
People have always taken taxis to the hospital — there’s the
classic example of the woman going into labor in the back of a cab —
but ride-hail technology makes it much easier, especially in less
densely populated cities. This money-saving tactic might make sense
for people in noncritical condition, but it puts ride-hail drivers in
an uncomfortable position. They’re forced to choose between
assuming potential legal liability if something goes wrong, or
dealing with a sense of guilt and the fear of getting
a lower rating if they decline or cancel the ride.

The
Guardian.com: “Children are increasingly finding it hard to
hold pens and pencils because of an excessive use of technology,
senior paediatric doctors have warned. An overuse of touchscreen
phones and tablets is preventing
children’s finger muscles from developing sufficiently
to enable them to hold a pencil correctly, they say. “Children are
not coming into school with the hand strength and dexterity they had
10 years ago,” said Sally Payne, the head paediatric occupational
therapist at the Heart of England foundation NHS Trust. “Children
coming into school are being given a pencil but are increasingly not
able to hold it because they don’t have the fundamental movement
skills….”

“It’s easier to give a child an iPad
than encouraging them to do muscle-building play such as building
blocks, cutting and sticking, or pulling toys and ropes. Because of
this, they’re not developing the underlying foundation skills they
need to grip and hold a pencil.”

I cannot help but say, I told you so – it is not
only kids who cannot hold pencils or pens and actually write on paper
anymore – it is adults as well. And how many people do you know
(excluding librarians please) who actually type – with two hands
over a keyboard, using all their respective fingers (I am raising my
hand but you cannot see me) – and I own so many pens that I am
afraid of being shamed for what is considered an odd collection of
otherwise “useless objects.” I actually use them daily to write
real cards – to people I know – and to take notes – every day –
but then – I am a librarian/researcher/knowledge manager – who
does
not own a phone that I can “swipe.” I have an 8
year old “smartphone” with whom I have an increasingly
contentious relationship – but I digress. If people do not use the
muscles in their hands, will they eventually be of no use (an
unimaginable fate for some, most..of us?).

Tuesday, February 27, 2018

Lying about your weight on an online
dating site? Checking out who won the Falcons game from your work
computer? Using your computer hacking knowledge as an “ethical
hacker?” Those actions may become illegal if a Georgia bill gets
voted into law, civil liberty advocates say.

Supporters of a bill making its way
through the state legislature say it’s designed to give law
enforcement the ability to prosecute “online snoopers” —
hackers who break into a computer system but don’t disrupt or steal
data. The legislation came
in response to a recent data breach at a Georgia university in which
unauthorized cybersecurity experts noticed the vulnerability of
Georgia’s voting records.

Russian computer hackers operating in
Colorado and 15 other states used data-mining viruses to steal
thousands of credit card numbers from U.S. residents in 20 states and
sold them on the darknet for more than $3.6 million, according to
federal court documents.

Cellebrite,
an Israeli company known for selling solutions to law enforcement
agencies around the globe to unlock smartphones, is back in the news
again. This time around, the company is touting a
new solution that would make it possible to crack just about any
device that is currently running Apple's iOS
11 operating system.

To understand why this announcement is so pivotal,
we must rewind to just over two years ago. Following the San
Bernardino terrorist attack that left 14 people dead in late 2015,
Apple and the U.S.
Department of Justice got into a war
of words about device encryption and backdoor software access,
bringing the subject to a mainstream audience. Law enforcement
officials – led primarily by the FBI – argued that they needed
access to one of the perpetrators' iPhones for national security
reasons. Apple argued that providing backdoor access to the FBI
or other agencies could lead to a reduction in security for all
of its customers and stood
its ground.

In the end, the FBI ended up gaining access to the
iPhone 5c thanks
to software [reportedly] made
by Cellebrite. Now, Cellebrite's ability to crack encryption on
iPhones extends to all current hardware capable of running iOS 11
including the iPhone
X. According to sources for Forbes, the latest hack to
circumvent Apple security was perfected over the past few months and
is being shopped around to Cellebrite's usual law enforcement
clientele.

Cellebrite describes its services, writing, "These
new capabilities enable forensic practitioners to retrieve the full
file system to recover downloaded emails, third-party application
data, geolocation data and system logs, without needing to jailbreak
or root the device."

… We should note that Android devices aren't
immune from Cellebrite's tentacles either, as it can access data
on "Samsung Galaxy and Galaxy Note devices; and other popular
devices from Alcatel, Google Nexus, HTC, Huawei, LG, Motorola, ZTE,
and more."

In October 2017, KrebsOnSecurity warned
that ne’er-do-wells could take advantage of a relatively new
service offered by the U.S.
Postal Service that provides scanned images of all
incoming mail before it is slated to arrive at its destination
address. We advised that stalkers or scammers could abuse this
service by signing up as anyone in the household, because the USPS
wasn’t at that point set up to use its own unique communication
system — the U.S. mail — to alert residents when someone had
signed up to receive these scanned images.

The USPS recently told this publication that
beginning Feb. 16 it started alerting all households by mail whenever
anyone signs up to receive these scanned notifications of mail
delivered to that address. The notification program, dubbed
“Informed Delivery,”
includes a scan of the front of each envelope destined for a specific
address each day.

Your digital footprint — how often you post on
social media, how quickly you scroll through your contacts, how
frequently you check your phone late at night — could hold clues to
your physical and mental health.

That at least is the theory behind an emerging
field, digital phenotyping, that is trying to assess people’s
well-being based on their interactions with digital devices.
Researchers
and technology
companies are tracking users’ social media posts, calls,
scrolls and clicks in search of behavior changes that could correlate
with disease symptoms. Some of these services are opt-in. At least
one is not.

Law and
reputation firms generate 21% of Right to Be Forgotten delistings,
says Google

Google says that there are “tens of thousands”
of Right
to Be Forgotten (RTBF) requests filed each month in Europe. In a
new blog
post, the company explains that it’s updating its “Transparency
Report,” which details RTBF requests, to include new categories of
information.

In addition to reporting aggregate data on
requests, their countries of origin and percentages granted, Google
says it will now reveal:

What sort of
content is associated with the request: personal information,
professional information, criminal activity

Whether the site
on which the link appears is a directory site, news site, social
media or other.

Delisting rate by content category

Google is simultaneously releasing a
report that provides more depth and detail on the nature of
delisting requests, summarizing three years of data since RTBF first
came into being in May 2014. The high-level findings are provided in
an infographic in the blog post.

In the report, Google says there are “two
dominant intents for RTBF delisting requests.” Roughly a third (33
percent) of requests are related to personal information on social
media and directory sites. Another 20 percent relate to news and
government websites that contain “a requester’s legal history.”
The rest are diverse and span a range of content types and
objectives.

… One of the more interesting disclosures in
the report is that there is a category of high-volume RTBF
requesters. Google reports that the top 1000 requesters “generated
14.6 percent of requests and 20.8 percent of delistings. These
mostly included law firms and reputation management agencies, as well
as some requesters with a sizable online presence.”

Public
broadcaster music library closing, CDs to be digitised, destroyed

Radio
Canada International: “Canada’s public broadcaster CBC
(English) and Radio-Canada (French) is going through massive changes.
The sprawling headquarters of the Radio-Canada network in Montreal
have been sold, and the organisation will move to new and much
smaller rented quarters being built on one of the former parking
lots. With huge funding cuts from the government and increasing
costs, this has meant equally massive staff and production cuts.
Rapidly developing technological developments are also driving the
changes. The broadcaster with stations across the country has, over
the decades, amassed a vast collection of recorded music and other
artefacts… The main French-language production centre of
Radio-Canada in Montreal has also been digitising its collection.
However, recently it was revealed that most of the collection of over
200,000 CDs will be destroyed when the process is completed in 2019
and prior to the move to new quarters in 2020. The destroyed
materials apparently will be recycled…”

Vero, a photo-sharing app that launched in 2015,
is the latest app to benefit from ongoing frustration with
Instagram's hated algorithm.

A week ago, the
app was ranked so low it didn't even appear in the App Store's
top 1,500 apps; today it's the most popular app in the entire App
Store. It's gotten so popular that the app's servers have been
overloaded, with many users unable to post or even sign up for an
account.

… So how does it make money?

The short answer is that it doesn't — at least,
not yet. Because there are no ads on the platform, Vero says it will
eventually rely on user subscriptions for the bulk of its revenue.

Instagrammers have been upset over the app's
algorithm since it rolled out last year. But, unlike other changes,
which people have gotten used to over time, frustration seems to have
only intensified over time.

Now, Instagram users are promoting their Vero
accounts to followers. There are currently more than 500,000
Instagram posts tagged as #Vero, the majority of which are users
posting screenshots of their profiles and asking followers to join
them on the app.

Perspective. Back in my day, it was "Duck
and cover" and we couldn’t shoot back. Perhaps training
on how to recognize mental illness would be more valuable?

This is
America: 9 out of 10 public schools now hold mass shooting drills for
students

Read this and weep – and then get busy –
please: How
“active shooter” drills became normal for a generation of
American schoolchildren. “… Since Columbine, 32 states have
passed laws requiring schools to conduct lockdown drills to keep
students safe from intruders. Some states went even further after 20
children died in Newtown, Connecticut, in 2012. Now, six
states require specific “active shooter” drills each year.
That means the training must be specifically tailored to respond to
an armed gunman out to kill. There is no consensus on what these
drills should look like, but several states, including Missouri,
require shooting simulations with police officers…”

Flutter
is Google’s open source toolkit for helping developers build iOS
and Android apps. It’s not necessarily a household name yet, but
it’s also less than a year old and, to some degree, it’s going up
against frameworks like Facebook’s popular React Native. Google’s
framework, which is heavily focused around the company’s Dart
programming language, was first announced at Google’s I/O
developer conference last year.

Thirteen employees were fired in 2017 from the
Medical University of South Carolina after administrators determined
they had broken federal law by using patient records without
permission, spying on patient files or disclosing private
information.

Some of
these privacy breaches involved high-profile patients. [You couldn’t
sell my records to the National Enquirer. Bob]

MUSC staff explained to the hospital's Board of
Trustees during a recent meeting that designated
employees monitor the news media for any potential privacy breaches.
Sometimes, they said, health care providers will "snoop"
in patient records after a case makes the news. Eleven of 58 privacy
breaches at MUSC in 2017 were categorized as snooping.

… But patients shouldn't worry excessively
about the security of their own information. Experts agree that
digital medical records are more secure than paper ones. [I’m
an expert, and I strongly disagree. Bob]

Elizabeth Willis, the corporate privacy officer at
Roper St. Francis, said the
ability to track each employee who opens a record makes patient files
less vulnerable to a security breach. [It
makes detection of breaches easier, but does nothing to stop a breach
– see paragraph one. Bob]

… She provided further information about
security breaches and terminations at MUSC dating back to 2013.
Since then, MUSC has identified 307 breaches and 30 employees have
been fired. Nearly half of all those firings occurred last year.
None were physicians,
Woolwine said.

I called this a while back… Russia is
demonstrating what could happen if they are banned from future games.

Russian
military spies hacked hundreds of computers used by Winter Olympics
organizers and tried to make it look like the work of North Korea,
the Washington Post reported Sunday, quoting US intelligence sources.

Data
Driven Journalism – “The rise
of political bots brings into sharp focus the role of automated
social media accounts in today’s democratic civil society. Events
during the Brexit
referendum and the 2016
U.S. Presidential election revealed the scale of this issue for
the first time to the majority of citizens and policy-makers. At the
same time, the deployment of Russian-linked
bots designed to promote pro-gun laws in the aftermath of the
Florida school shooting demonstrates
the state-sponsored, real-time readiness to shape, through
information warfare, the dominant narratives on platforms such as
Twitter. The regular news reports on these issues lead us
to conclude
that the foundations of democracy have become threatened by the
presence of aggressive and socially disruptive bots, which aim to
manipulate online political discourse. While there is clarity on the
various functions that bot accounts can be scripted to perform, as
described below, the task of accurately defining this phenomenon and
identifying bot accounts remains a challenge. At Texifter,
we have endeavoured to bring nuance to this issue through a research
project which explores the presence of automated accounts on Twitter.
Initially, this project concerned itself with an attempt to identify
bots which participated in online conversations around the prevailing
cryptocurrency phenomenon. This article is the first in a series of
three blog posts produced by the researchers at Texifter that
outlines the contemporary phenomenon of Twitter bots. Bot accounts
are a persistent feature of the user experience on Twitter. They can
increase the influence of positive, negative, or “authentic” fake
news stories; promote opinion posts from a variety of accounts
(botnets); and circulate memes. Their ability to shape online
political discourse and public opinion, however, is generating
legitimate concerns. The significance of the bot effect stretches
from the academic research community, to tech and platform companies,
national regulatory bodies, and the field of journalism. One of the
most recognized examples of this involves the lead-up to the 2016
U.S. Presidential Election. During that period, over 50,000
automated Twitter accounts from Russia retweeted and disseminated
political material posted by and for Trump, reaching over 677,775
Americans. Over 2,000,000 tweets and retweets were the result of
these Twitter bots, accounting for approximately 4.25%
of all retweets of Trump’s tweets in the lead-up to the U.S.
election. These findings accentuate the larger
issue of state actors using social media automation as a tool of
political influence…”

The
financial industry has been pushing for the adoption of EMV (Europay,
MasterCard, Visa) card technology in the United States since 2011,
and efforts were increased
following the disclosure of the massive data breach suffered by
Target in 2013.

However,
according to Visa, by September 2015, only roughly 392,000 merchant
locations had been accepting chip cards, and the number of Visa debit
and credit cards using this technology was only at 159 million.

Data
collected by Visa shows the number of storefronts that had
migrated to EMV technology by December 2017 increased by more than
570%, with 2.7 million storefronts in the U.S., representing 59% of
the total, accepting chip cards. The number of Visa cards using chip
technology increased by 202% to 481 million, with 67% of Visa payment
cards having chips.

Visa
also reported that EMV cards accounted for 96% of the overall payment
volume in the United States in December 2017, with chip payment
volume reaching $78 billion.

As
a result of U.S. merchants upgrading their payment systems for EMV
cards, cases of counterfeit fraud had dropped by 70% in September
2017 compared to December 2015.

While
the adoption of chip and PIN technology addresses the problem of
counterfeit card fraud, it has not deterred fraudsters, who have
simply shifted their focus to card-not-present (CNP) and other types
of fraud.

Happily
chatting and walking between lessons, these children are being
watched by school spy cameras designed for their protection.

Now
it has emerged that the images can be viewed by anyone after the CCTV
systems were hacked and put online.

A
disturbing website, which boasts ‘Watch live surveillance cameras
in the UK’, allows people anywhere in the world to spy on children,
teachers and parents in real time.

[…]

The
website broadcasting the footage claims no cameras are hacked and all
the internet-connected cameras on the site do not have proper
password protection.

Read more on Daily
Mail. So have UK parents just discovered the Internet of
Unsecured Things the hard way? Were these systems really hacked or
did they just use default configurations available to everyone or….?
And will this result in cams in toilets being removed? Will any
lessons be learned or is this just another 15 minute news cycle?

On January 30, 2018, EDUCAUSE, a higher
education technology association, submitted a letter to the U.S.
Department of Education describing concerns that it had with the
Federal Student Aid’s (“FSA”) ability to protect federal student
financial aid data.

First, EDUCAUSE expressed concerns about
letters that various colleges and universities received from the FSA.
These letters indicated that a data breach or suspected data breach
occurred at educational institutions, and required the institutions
to make a full accounting of their information security program.
Some of the letters also indicated that the institutions failed to
self-report alleged or suspected breaches. It
appeared that the FSA identified these institutions from news reports,
but EDUCAUSE expressed concern that FSA did not confirm that the
breaches or suspected breaches occurred prior to sending the letter.

Second, EDUCAUSE expressed concerns that FSA did
not have proper reporting procedures in place. In late 2017, the FSA
stated that notifications
could be made via text message to an FSA official’s cellphone
number. It also indicated that blocked phishing attempts
constituted a suspected data breach that must be “immediately
reported,” (i.e. on the date of detection).

On February 13, 2018, the New York Times reported
that Uber is
planning an IPO. Uber’s value is estimated between $48 and $70
billion, despite reporting losses over the last two years. Twitter
reported a loss
of $79 million before its IPO, yet it commanded a valuation of
$24
billion on its IPO date in 2013. For the next four years, it
continued to report losses. Similarly, Microsoft paid $26
billion for loss-making LinkedIn in 2016, and Facebook paid $19
billion for WhatsApp in 2014 when it had no revenues or profits.
In contrast, industrial giant GE’s stock price has declined
by 44% over the last year, as news emerged about its first losses
in the last 50 years.

Why do investors react negatively to financial
statement losses for an industrial firm but disregard such losses for
a digital firm?

Search and
explore faculty, staff, and adjunct salary data at thousands of
colleges

Chronicle of Higher Education – Chronicle
Data – Institutions are grouped under the most recent Carnegie
Classification. Users may search full time salaries, staff salaries,
and adjunct salaries, by college, state, sector or Carnegie
Classification, as well as display by college.

See also related reference from last June
via Quartz – As
Comey shows, documenting conversations with your boss can be smart
– “Careful documentation of meetings via notes and memos is part
of the FBI’s
culture (via NYT), but there are sound reasons for ordinary
workers to at least consider doing the same when we talk to our
bosses. Taking notes—or better, recording conversations in states
where it’s legal—is sound practice for employees who feel their
managers are doing something inappropriate…”

About Me

I live in Centennial, Colorado. (I'm not actually 100 years old, but I hope to be some day.) I'm an independent computer consultant, specializing in solving problems that traditional IT personnel tend to have difficulty with... That includes everything from inventorying hardware & software, to converting systems & data, to training end-users. I particularly enjoy taking on projects that IT has attempted several times before with no success. I also teach at two local Universities: everything from Introduction to Microcomputers through Business Continuity and Security Management. My background includes IT Audit, Computer Security, and a variety of unique IT projects.